<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I've been working a lot with the dd-wrt and openwrt on my Linksys
WRT54GL.<br>
<br>
I tried the 2.6 kernel version of OpenWRT, because I wanted to use
Shorewall on OpenWRT, and I'm a bleeding edge idiot. Well, it was
difficult and updating packages just didn't work right. The
dependencies for the packages I wanted to install continually had
errors. It may have been the 2.6 version. I didn't try the 2.4
version, but I'm coming back around to trying it soon. In OpenWRT, the
web based GUI is actually a separate package. It's well conceived, but
it just didn't work ("It" being the 2.6 kernel version for the
WRT54GL/Broadcom).<br>
<br>
I've installed DD-WRT on several routers with relative success. The
web interface is easy, but in their efforts to make it stupid proof and
web -based, it isn't very modifiable -- unless someone has written a
script to handle the modification exactly the way you envision it.
Case in point: My OpenVPN client on my DD-WRT router doesn't allow
traffic from the office LAN back to my home LAN. There is a hack to
allow it, but it's crude and if you make any other change to the router
settings without breaking the hack (unless you thereafter reboot the
router, which I must do remotely often). Also, DD-WRT's dhcpd(both
versions) doesn't allow for an rndc.key for secure dynamic dns updates
to the internal BIND servers, which for SMB networking leaves you with
a choice of either allowing the workstations to do the update and make
your BIND servers insecure, or run WINS -- neither are attractive.<br>
<br>
So while DD-WRT is much prettier and easier, it's not the most robust.
<br>
<br>
I did a little looking at the "Tomato" firmware pushed by Netgear's new
router, and I wasn't impressed.<br>
<br>
I know nothing about the DebianWRT, other than it seems pretty new.<br>
<br>
<br>
You may want to even look at this:<br>
<a class="moz-txt-link-freetext" href="http://blogs.zdnet.com/Ou/?p=1007">http://blogs.zdnet.com/Ou/?p=1007</a><br>
<a class="moz-txt-link-freetext" href="http://www.logicsupply.com/products/perimeter_b">http://www.logicsupply.com/products/perimeter_b</a><br>
<br>
<br>
<br>
<div class="moz-signature">
<div style="color: rgb(36, 91, 126); font-size: 11pt;">Brian W. Neu<br>
Principal<br>
Advanced Open Systems, Inc.<br>
<span style="font-style: italic;">Technology Applied for Business</span><br>
404.452.0043 (v) <br>
404.418.6911 (f)
</div>
</div>
<br>
<br>
John Wells wrote:
<blockquote
cite="mid:44dddf400807141027x70d77581sca00629452d00258@mail.gmail.com"
type="cite">
<pre wrap="">Guys,
For years and years, I've used a combination of a Linksys WAP and open
source (at times homegrown, Smoothwall, PFsense, and now IPCop)
firewalls to protect my home LAN. However, given space requirements in
my office and the attempt to be greener, I'm eliminating most of my
desktop machines with low-power devices. I first replaced my homegrown
NAS with a NetGear ReadyNAS device (which, btw, is very nice and runs
Debian under the covers)...now, I'm looking at the firewall.
I'd like a device that will provide very, very good protection on the
broadband and wireless interfaces, while allowing wireless clients to
connect via VPN so that they can access the rest of my LAN. It's also
very important that the VPN works well with Linux.
Can anyone recommend a decent, affordable, and most important, secure, device?
Thanks!
John
_______________________________________________
Ale mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ale@ale.org">Ale@ale.org</a>
<a class="moz-txt-link-freetext" href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a>
</pre>
</blockquote>
</body>
</html>